Apache Hadoop Vulnerability Allows Command Execution by Escalated Users
CVE-2018-11766
8.8 HIGH
Summary
A vulnerability exists in Apache Hadoop versions 2.7.4 to 2.7.6 because the security patch for a previous flaw was incomplete. A user who can escalate to the 'yarn' user can potentially execute arbitrary commands with root privileges, which creates significant security risks for affected systems. Users should be aware of this vulnerability, as it could lead to unauthorized access to and control over critical system functions.
Affected Version(s)
Apache Hadoop 2.7.4 to 2.7.6
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved